static void testFindPublicationRef(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_Integer *pubTime = NULL;
KSI_LIST(KSI_Utf8String) *pubRefList = NULL;
size_t i;
int isPubRefFound = 0;
KSI_CTX *ctx = NULL;
res = KSITest_CTX_clone(&ctx);
CuAssert(tc, "Unable to create KSI context.", res == KSI_OK && ctx != NULL);
res = KSITest_setDefaultPubfileAndVerInfo(ctx);
CuAssert(tc, "Unable to set default values to context.", res == KSI_OK);
KSI_ERR_clearErrors(ctx);
res = KSI_CTX_setPublicationUrl(ctx, getFullResourcePathUri(TEST_PUBLICATIONS_FILE));
CuAssert(tc, "Unable to set pubfile URI.", res == KSI_OK);
res = KSI_receivePublicationsFile(ctx, &pubFile);
CuAssert(tc, "Unable to get publications file.", res == KSI_OK && pubFile != NULL);
res = KSI_verifyPublicationsFile(ctx, pubFile);
CuAssert(tc, "Unable to verify publications file.", res == KSI_OK);
res = KSI_Integer_new(ctx, 1397520000, &pubTime);
CuAssert(tc, "Unable to create ksi integer object.", res == KSI_OK && pubTime != NULL);
res = KSI_PublicationsFile_getPublicationDataByTime(pubFile, pubTime, &pubRec);
CuAssert(tc, "Unable to get publication record by publication date.", res == KSI_OK && pubRec != NULL);
KSI_Integer_free(pubTime);
pubTime = NULL;
res = KSI_PublicationRecord_getPublicationRefList(pubRec, &pubRefList);
CuAssert(tc, "Unable to get publications ref list", res == KSI_OK && pubRefList != NULL);
for (i = 0; i < KSI_Utf8StringList_length(pubRefList); i++) {
KSI_Utf8String *pubRef = NULL;
res = KSI_Utf8StringList_elementAt(pubRefList, i, &pubRef);
CuAssert(tc, "Unable to get element from list", res == KSI_OK && pubRef != NULL);
if (!strcmp("Financial Times, ISSN: 0307-1766, 2014-04-17", KSI_Utf8String_cstr(pubRef))) {
isPubRefFound = 1;
}
}
CuAssert(tc, "Financial times publication not found", isPubRefFound);
KSI_PublicationsFile_free(pubFile);
KSI_CTX_free(ctx);
}
static void testFindPublicationRef(CuTest *tc) {
int res;
KSI_PublicationsFile *pubFile = NULL;
KSI_PublicationRecord *pubRec = NULL;
KSI_Integer *pubTime = NULL;
KSI_LIST(KSI_Utf8String) *pubRefList = NULL;
size_t i;
int isPubRefFound = 0;
KSI_ERR_clearErrors(ctx);
res = KSI_receivePublicationsFile(ctx, &pubFile);
CuAssert(tc, "Unable to get publications file.", res == KSI_OK && pubFile != NULL);
res = KSI_Integer_new(ctx, 1397520000, &pubTime);
CuAssert(tc, "Unable to create ksi integer object.", res == KSI_OK && pubTime != NULL);
res = KSI_PublicationsFile_getPublicationDataByTime(pubFile, pubTime, &pubRec);
CuAssert(tc, "Unable to get publication record by publication date.", res == KSI_OK && pubRec != NULL);
KSI_Integer_free(pubTime);
pubTime = NULL;
res = KSI_PublicationRecord_getPublicationRefList(pubRec, &pubRefList);
CuAssert(tc, "Unable to get publications ref list", res == KSI_OK && pubRefList != NULL);
for (i = 0; i < KSI_Utf8StringList_length(pubRefList); i++) {
KSI_Utf8String *pubRef = NULL;
res = KSI_Utf8StringList_elementAt(pubRefList, i, &pubRef);
CuAssert(tc, "Unable to get element from list", res == KSI_OK && pubRef != NULL);
if (!strcmp("Financial Times, ISSN: 0307-1766, 2014-04-17", KSI_Utf8String_cstr(pubRef))) {
isPubRefFound = 1;
}
}
CuAssert(tc, "Financial times publication not found", isPubRefFound);
}
char *KSI_PublicationRecord_toString(KSI_PublicationRecord *t, char *buffer, size_t buffer_len) {
int res = KSI_UNKNOWN_ERROR;
char *ret = NULL;
char tmp[256];
size_t len = 0;
size_t i;
len += KSI_snprintf(buffer + len, buffer_len - len, "%s", KSI_PublicationData_toString(t->publishedData, tmp, sizeof(tmp)));
for (i = 0; i < KSI_Utf8StringList_length(t->publicationRef); i++) {
KSI_Utf8String *ref = NULL;
res = KSI_Utf8StringList_elementAt(t->publicationRef, i, &ref);
if (res != KSI_OK) goto cleanup;
len += KSI_snprintf(buffer + len, buffer_len - len, "\nRef: %s", KSI_Utf8String_cstr(ref));
}
ret = buffer;
cleanup:
return ret;
}
static int verifyOnline(KSI_CTX *ctx, KSI_Signature *sig) {
int res = KSI_UNKNOWN_ERROR;
KSI_ExtendReq *req = NULL;
KSI_Integer *start = NULL;
KSI_Integer *end = NULL;
KSI_RequestHandle *handle = NULL;
KSI_DataHash *extHash = NULL;
KSI_DataHash *calHash = NULL;
KSI_ExtendResp *resp = NULL;
KSI_Integer *status = NULL;
KSI_CalendarHashChain *calChain = NULL;
KSI_DataHash *rootHash = NULL;
KSI_DataHash *pubHash = NULL;
KSI_VerificationStep step = KSI_VERIFY_CALCHAIN_ONLINE;
KSI_VerificationResult *info = &sig->verificationResult;
KSI_LOG_info(sig->ctx, "Verifying signature online.");
/* Extract start time */
res = KSI_CalendarHashChain_getAggregationTime(sig->calendarChain, &start);
if (res != KSI_OK) goto cleanup;
/* Clone the start time object */
KSI_Integer_ref(start);
if (sig->verificationResult.useUserPublication) {
/* Extract end time. */
res = KSI_PublicationData_getTime(sig->verificationResult.userPublication, &end);
if (res != KSI_OK) goto cleanup;
}
res = KSI_createExtendRequest(sig->ctx, start, end, &req);
if (res != KSI_OK) goto cleanup;
res = KSI_sendExtendRequest(ctx, req, &handle);
if (res != KSI_OK) goto cleanup;
res = KSI_RequestHandle_perform(handle);
if (res != KSI_OK) {
KSI_pushError(ctx,res, NULL);
goto cleanup;
}
res = KSI_RequestHandle_getExtendResponse(handle, &resp);
if (res != KSI_OK) goto cleanup;
/* Verify the correctness of the response. */
res = KSI_ExtendResp_verifyWithRequest(resp, req);
if (res != KSI_OK) {
KSI_pushError(ctx, res, NULL);
goto cleanup;
}
res = KSI_ExtendResp_getStatus(resp, &status);
if (res != KSI_OK) goto cleanup;
/* Verify status. */
if (status != NULL && !KSI_Integer_equalsUInt(status, 0)) {
KSI_Utf8String *respErr = NULL;
char errm[1024];
res = KSI_ExtendResp_getErrorMsg(resp, &respErr);
if (res != KSI_OK) goto cleanup;
KSI_snprintf(errm, sizeof(errm), "Extend failure from server: '%s'", KSI_Utf8String_cstr(respErr));
res = KSI_VerificationResult_addFailure(info, step, errm);
goto cleanup;
}
res = KSI_ExtendResp_getCalendarHashChain(resp, &calChain);
if (res != KSI_OK) goto cleanup;
res = KSI_CalendarHashChain_getInputHash(calChain, &extHash);
if (res != KSI_OK) goto cleanup;
res = KSI_CalendarHashChain_getInputHash(sig->calendarChain, &calHash);
if (res != KSI_OK) goto cleanup;
if (!KSI_DataHash_equals(extHash, calHash)) {
res = KSI_VerificationResult_addFailure(info, step, "Extender returned different input hash for calendar hash chain.");
goto cleanup;
}
if (sig->verificationResult.useUserPublication) {
res = KSI_CalendarHashChain_aggregate(calChain, &rootHash);
if (res != KSI_OK) goto cleanup;
if (!KSI_DataHash_equals(rootHash, pubHash)) {
res = KSI_VerificationResult_addFailure(info, step, "External publication imprint mismatch.");
goto cleanup;
}
}
res = KSI_VerificationResult_addSuccess(info, step, "Verified online.");
cleanup:
KSI_Integer_free(start);
KSI_ExtendReq_free(req);
KSI_RequestHandle_free(handle);
KSI_ExtendResp_free(resp);
return res;
}
static int verifyCalAuthRec(KSI_CTX *ctx, KSI_Signature *sig) {
int res = KSI_UNKNOWN_ERROR;
KSI_OctetString *certId = NULL;
KSI_PKICertificate *cert = NULL;
KSI_OctetString *signatureValue = NULL;
KSI_Utf8String *sigtype = NULL;
const unsigned char *rawSignature = NULL;
size_t rawSignature_len;
unsigned char *rawData = NULL;
size_t rawData_len;
KSI_VerificationStep step = KSI_VERIFY_CALAUTHREC_WITH_SIGNATURE;
KSI_VerificationResult *info = &sig->verificationResult;
if (sig->calendarAuthRec == NULL) {
res = KSI_OK;
goto cleanup;
}
KSI_LOG_info(sig->ctx, "Verifying calendar authentication record.");
res = KSI_PKISignedData_getCertId(sig->calendarAuthRec->signatureData, &certId);
if (res != KSI_OK) goto cleanup;
if (certId == NULL) {
res = KSI_INVALID_FORMAT;
goto cleanup;
}
res = initPublicationsFile(&sig->verificationResult, ctx);
if (res != KSI_OK) goto cleanup;
res = KSI_PublicationsFile_getPKICertificateById(sig->verificationResult.publicationsFile, certId, &cert);
if (res != KSI_OK) goto cleanup;
if (cert == NULL) {
res = KSI_VerificationResult_addFailure(info, step, "Certificate not found.");
goto cleanup;
}
res = KSI_PKISignedData_getSignatureValue(sig->calendarAuthRec->signatureData, &signatureValue);
if (res != KSI_OK) goto cleanup;
res = KSI_OctetString_extract(signatureValue, &rawSignature, &rawSignature_len);
if (res != KSI_OK) goto cleanup;
res = KSI_TLV_serialize(sig->calendarAuthRec->pubData->baseTlv, &rawData, &rawData_len);
if (res != KSI_OK) goto cleanup;
res = KSI_PKISignedData_getSigType(sig->calendarAuthRec->signatureData, &sigtype);
if (res != KSI_OK) goto cleanup;
res = KSI_PKITruststore_verifyRawSignature(sig->ctx, rawData, rawData_len, KSI_Utf8String_cstr(sigtype), rawSignature, rawSignature_len, cert);
if (res != KSI_OK) {
res = KSI_VerificationResult_addFailure(info, step, "Calendar authentication record signature not verified.");
goto cleanup;
}
res = KSI_VerificationResult_addSuccess(info, step, "Calendar authentication record verified.");
cleanup:
KSI_free(rawData);
return res;
}
